Critical vulnerabilities #21

Open
lukasz-madon opened this issue Sep 30, 2022 · 1 comment

@lukasz-madon

After running `npm audit`:

```
lodash.template  <4.5.0
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
fix available via `npm audit fix`
node_modules/sticky-sidebar-v2/node_modules/gulp-util/node_modules/lodash.template
  gulp-util  >=1.1.0
  Depends on vulnerable versions of lodash.template
  node_modules/sticky-sidebar-v2/node_modules/gulp-util

minimist  <1.2.6
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/sticky-sidebar-v2/node_modules/minimist
```

@BaliseSystems

BaliseSystems commented Oct 25, 2022

@blixhavn, the npm audit report gets a lot of high severity issues.
Below is the list.

```
# npm audit report

ansi-regex 4.0.0 - 4.1.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - GHSA-93q8-gq69-wqmw
fix available via npm audit fix
node_modules/sticky-sidebar-v2/node_modules/ansi-regex

glob-parent <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - GHSA-ww39-953v-wcq6
fix available via npm audit fix
node_modules/sticky-sidebar-v2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/sticky-sidebar-v2/node_modules/chokidar
glob-watcher >=3.0.0
Depends on vulnerable versions of chokidar
node_modules/sticky-sidebar-v2/node_modules/glob-watcher
gulp >=4.0.0
Depends on vulnerable versions of glob-watcher
Depends on vulnerable versions of vinyl-fs
node_modules/sticky-sidebar-v2/node_modules/gulp
glob-stream 5.3.0 - 6.1.0
Depends on vulnerable versions of glob-parent
node_modules/sticky-sidebar-v2/node_modules/glob-stream
vinyl-fs >=2.4.2
Depends on vulnerable versions of glob-stream
node_modules/sticky-sidebar-v2/node_modules/vinyl-fs

lodash.template <4.5.0
Severity: critical
Prototype Pollution in lodash - GHSA-jf85-cpcp-j695
fix available via npm audit fix
node_modules/sticky-sidebar-v2/node_modules/gulp-util/node_modules/lodash.template
gulp-util >=1.1.0
Depends on vulnerable versions of lodash.template
node_modules/sticky-sidebar-v2/node_modules/gulp-util

minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - GHSA-f8q6-p94x-37v3
fix available via npm audit fix
node_modules/sticky-sidebar-v2/node_modules/minimatch
mocha 5.1.0 - 9.2.1
Depends on vulnerable versions of minimatch
Depends on vulnerable versions of nanoid
node_modules/sticky-sidebar-v2/node_modules/mocha

minimist <1.2.6
Severity: critical
Prototype Pollution in minimist - GHSA-xvch-5gv4-984h
fix available via npm audit fix
node_modules/sticky-sidebar-v2/node_modules/minimist

nanoid 3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - GHSA-qrpm-p2h7-hrv2
fix available via npm audit fix
node_modules/sticky-sidebar-v2/node_modules/nanoid
```
